#!/bin/bash
set -e

# 获取本机IP地址
IP=`ifconfig | grep inet | grep netmask | grep broadcast | awk '{ print $2}'`

# 生成带密码的私钥文件
openssl genrsa -des3 -out server.pass.key 2048

# 去除server.pass.key中的密码
openssl rsa -in server.pass.key -out server.key

# 删除多余文件
rm server.pass.key

# 生成csr文件
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Shanghai/L=Shanghai/O=yunmiao/OU=development/CN=${IP}"

# 生成自签名的SSL证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# crt转pem
openssl x509 -in server.crt -out server.pem

# 删除多余文件
rm server.csr

echo "一般使用server.crt和server.key文件"
echo "OpenSSL certificate created successfully"